
Commit e813343

paigerube14 and claude committed
bump vulnerable transitive dependencies to patched versions
- kubernetes: ==34.1.0 → >=35.0.0 (unlocks urllib3 v2.x support)
- urllib3: >=2.1.0,<2.4.0 → >=2.6.3 (CVEs: decompression bombs, redirect bypass)
- cryptography: >=42.0.4 → >=46.0.7 (subgroup attack, buffer overflow, DNS CVEs)
- requests: stays <2.32; blocked by docker-py 6.x Unix socket dependency (fix: upgrade docker to >=7.0 and requests to >=2.33.0 in a follow-up)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Paige Patton <prubenda@redhat.com>
1 parent e296565 commit e813343

1 file changed

Lines changed: 6 additions & 6 deletions

File tree

requirements.txt

@@ -8,16 +8,16 @@ azure-mgmt-compute==30.5.0
88
azure-mgmt-network==27.0.0
99
coverage==7.6.12
1010
datetime==5.4
11-
docker>=6.0,<7.0 # docker 7.0+ has breaking changes; works with requests<2.32
11+
docker>=6.0,<7.0 # docker 7.0+ has breaking changes; upgrade to 7.x to allow requests>=2.33.0
1212
gitpython==3.1.47
1313
google-auth==2.37.0
1414
google-cloud-compute==1.22.0
1515
ibm_cloud_sdk_core>=3.20.0 # Requires urllib3>=2.1.0 (compatible with updated boto3)
1616
ibm_vpc==0.26.3 # Requires ibm_cloud_sdk_core
1717
jinja2==3.1.6
1818
lxml==6.1.0
19-
kubernetes==34.1.0
20-
krkn-lib==6.0.6
19+
kubernetes>=35.0.0
20+
krkn-lib==6.0.7
2121
numpy==1.26.4
2222
pandas==2.2.0
2323
openshift-client==1.0.21
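Review bot: `kubernetes>=35.0.0` (new line 19) replaces an exact `==34.1.0` pin with an open-ended lower bound in a file where nearly every other package is pinned with `==`; a future kubernetes 36.x or later could change its API surface or its own urllib3 constraints without any edit to this file, silently undoing the compatibility reasoning in the commit message. Consider `kubernetes>=35.0.0,<36.0.0` or an exact pin. Also, the `krkn-lib==6.0.6 → 6.0.7` bump in this hunk is not mentioned in the commit message, and the `docker>=6.0,<7.0` line changes only its comment, so the hunk's intent would be clearer if the message listed all three.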
@@ -27,9 +27,9 @@ pyfiglet==1.0.2
2727
pytest==9.0.3
2828
python-ipmi==0.5.4
2929
python-openstackclient==6.5.0
30-
requests<2.32 # requests 2.32+ breaks Unix socket support (http+docker scheme)
30+
requests<2.32 # requests 2.32+ breaks docker Unix socket support; blocked until docker>=7.0
3131
requests-unixsocket>=0.4.0 # Required for Docker Unix socket support
32-
urllib3>=2.1.0,<2.4.0 # Compatible with all dependencies
32+
urllib3>=2.6.3 # CVE fixes; kubernetes>=35.0.0 allows urllib3>=2.x
3333
service_identity==24.1.0
3434
PyYAML==6.0.1
3535
setuptools==78.1.1
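Review bot: the removed line `urllib3>=2.1.0,<2.4.0 # Compatible with all dependencies` recorded why an upper bound existed, while the new `urllib3>=2.6.3 # CVE fixes; kubernetes>=35.0.0 allows urllib3>=2.x` drops both the ceiling and the reason; with `requests<2.32` unchanged in the same hunk, the open urllib3 range now depends on the older requests and the other consumers accepting whatever urllib3 major is resolved later. Suggest an upper bound such as `urllib3>=2.6.3,<3.0.0`, and a comment on the `requests<2.32` line pointing at the follow-up that upgrades docker to 7.x, so the reason the requests floor was not raised here stays traceable.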
@@ -38,5 +38,5 @@ zope.interface==6.1
3838
colorlog==6.10.1
3939

4040
git+https://github.com/vmware/vsphere-automation-sdk-python.git@v8.0.0.0
41-
cryptography>=42.0.4 # not directly required, pinned by Snyk to avoid a vulnerability
41+
cryptography>=46.0.7 # pinned to avoid multiple CVEs (subgroup attack, buffer overflow, DNS constraints)
4242
protobuf>=4.25.8 # not directly required, pinned by Snyk to avoid a vulnerability
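Review bot: the new comment on `cryptography>=46.0.7` names the vulnerability classes (subgroup attack, buffer overflow, DNS constraints) but not the advisory or CVE identifiers, and drops the earlier note that the package is not a direct dependency; without identifiers a later audit cannot tell which advisories this floor covers or when it can be relaxed. Suggest keeping the "not directly required" wording and listing the CVE or GHSA ids inline, matching the style of the adjacent `protobuf>=4.25.8 # not directly required, pinned by Snyk to avoid a vulnerability` line.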
